IT Governance

Weill, P., & Ross, J. W. (2004) make a notable point regarding the stunted maturity in terms of IT assets and governance mechanisms within organizations even with the rapid development of technology-based business processes and structure. Although the material is rather dated, I think that it is still a notable point and a reality for several companies both mature and young. IT governance is a relatively new concept and the management of IT assets is still a learning process for most companies. IT governance will vary drastically from one firm to the next, and are largely a product of their environment (Weill, P., & Ross, J. W., 2004).

Each company has their own set of unique desirable behaviours and strategy that have a great influence on which direction a particular firm's IT governance heads, and how quickly it progresses. Because each environment is so unique, although certain concepts and principles may be standard across organizations, the way departments interoperate is vital to understanding how IT governance within an organization is a reflection of the various interdependencies between departments and influenced by historical events within the organization and the experience of the employees and managers involved in making these decisions.

Because the corporate organism, so-to-speak, is so unique, the process of developing and improving IT governance is often a by-product of analysts abilities to be proactive in implementing governance mechanisms that limit risk and reduce the likelihood of crisis scenarios, as well as to improve the effectiveness and efficiency of the corporation. To be most effective in implementing IT governance protocols and standards, they must align with the organization's overall strategy and goal, and should go to complement value-producing activities within the organization, both customer and business value (Weill, P., & Ross, J. W., 2004). It is a concept that is much easier to describe than it is to implement, as the average assessment of how well IT governance is integrated with governance of the other key assets by fourty-two CIOs was less than 3 on a 5 point scale. Granted the CIO may be a little biased, this is an alarming figure that shows a glaring reality in today's corporations; interdepartmental cooperation with the IT department is still a work in progress (Weill, P., & Ross, J. W., 2004).

As The Adventures of an IT Leader (2009) novel shows us, important areas in IT, such as security for example, can often be overlooked by senior-level management as a reduced priority and thus approval for budget increases can be a long-faught, and often futile, process. As previous lessons have indicated, departments other than IT are often not very well educated on the importance of IT endeavours, nor are they very accustomed with the jargon. Most managers are really just nodding their head, hoping the IT representative will just stop talking; this could be a slight exaggeration, but you get the point. It is important for a corporation in this day and age to promote a culture that recognizes the value of IT and provide them with the fiscal resources to make independent decisions for the company (Huff, S. L., Maher, P. M., & Munro, M. C., 2004). In return, all levels of management should educate themselves on various IT topics and work towards an environment that promotes sharing information across appropriate business units to make project coordination work more efficiently and effectively (Huff, S. L., Maher, P. M., & Munro, M. C., 2004).

If it's not difficult enough trying to coordinate decison-making across multiple business units, the IT department must also have strict protocols and regulation in place to govern their own department (McKeen, J. D., & Smith, H. A., 2012). Project management methodologies, detailed log reports, strict commenting of code, and documentation and development manuals for software are just a few of many examples of governance concepts that can make or break productivity and the ability to respond in a crisis (McKeen, J. D., & Smith, H. A., 2012). Strict documentation of who accessed what, when they did, and for what reason can help to provide a very detailed trail of recent activities that can provide invaluable information in the event of a crisis, as well as to reduce miscommunication and duplication of activities. However, the reality is that not every crisis can be avoided, and it would be foolhardy to expend too many resources trying to protect the organization from every security threat(McKeen, J. D., & Smith, H. A., 2012). Prioritizing security threats and patching those that could result in the most damage to the company is a common strategy for most organizations (McKeen, J. D., & Smith, H. A., 2012).

Huff, S. L., Maher, P. M., & Munro, M. C. (2004). What boards don’t do—but must do—about information technology. Ivey Business Journal, (69)1, 1–4.

Austin, R. D., Nolan, R. L., & O'Donnell, S. (2009). The adventures of an IT leader. Boston, MA: Harvard Business Press.

McKeen, J. D., & Smith, H. A. (2012). IT strategy: Issues and practices. Boston: Prentice Hall.

Weill, P., & Ross, J. W. (2004). IT governance simultaneously empowers and controls. In IT Governance: How Top Performers Manage IT Decision Rights for Superior Results (Chapter 1). Norwood, MA: Harvard Business Press.